Looking after your data during Coronavirus (COVID-19)

We’re here for you during these uncertain times

These are some of the things we’re doing to make sure your data is safe:

  • All of our staff receive regular training on data protection and information security – we have home-working guidance which all staff have to sign. This reminds them that they have to keep your information confidential and provides practical ways to do that when working from home.
  • All staff must read our security policies, standards and procedures and these are available to staff at all times.
  • Our staff access our systems through a Virtual Private Network (also known as VPN) with multi factor authentication - this is a technical control to prevent unauthorised access to our data and systems.
  • Staff are unable to use removable media and printers - only authorised staff can transfer information from their computer to USB memory sticks and no staff can print at home.
  • Staff are only able to access the websites they need to do their job – they can’t access personal email or file sharing sites.
  • All staff computers are fully encrypted with industry standard encryption.
  • We use data loss prevention tools – these automatically block unauthorised sharing or emailing of confidential information.
  • We have anti-virus and anti-malware software – this is on all staff computers as well as protecting our email and internet systems.
  • We use email filtering – emails are scanned to stop our staff getting phishing and spam emails.
  • We monitor access and changes to files – this includes logging all access to customer data.
  • Our security operations centre monitors our security systems 24 hours a day, 7 days a week. They make sure our systems are operating correctly.  They also monitor for unusual activity such as misuse of company devices or anyone trying to transfer confidential information.
  • We comply with the Payment Card Industry Data Security Standard when we take card payments.
  • We’re ISO27001 certified – this means that our Information Security Management System meets the international standard.